fromIntegral: conversion error
fromIntegral may result in coercion errors when used
with optimization flags -O1 or -O2 in the
following situation:
- Converting negative
InttoNaturaldoes not throw an arithmetic underflow error - Converting large
Integergreater than 2^64 toNaturaloverflow.
For the most part, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.
Info
- Published
- March 20, 2025
- Modified
- March 20, 2025
- CAPECs
- < none >
- CWEs
- 192
- Keywords
- integrity, dos, historical
- Aliases
- < none >
- Related
- < none >
- References
- [REPORT] https://gitlab.haskell.org/ghc/ghc/-/issues/19345
- [REPORT] https://gitlab.haskell.org/ghc/ghc/-/issues/20066
- [FIX] https://gitlab.haskell.org/ghc/ghc/-/merge_requests/4980
- [FIX] https://gitlab.haskell.org/ghc/ghc/-/merge_requests/6109
Affected
base
- CVSS
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
- Versions
>=4.15.0.0 && <4.15.1.0- Declarations
- < none >